Deserialization Attacks

React2Shell (CVE-2025-55182): Pre‑Auth RCE In React & Next.js - A Log4Shell‑Style Wake‑Up Call

On 3rd December 2025, a critical remote code execution vulnerability was disclosed in the React Server Components (RSC) ecosystem, widely known as React2Shell and tracked as CVE‑2025‑55182 (React) and CVE‑2025‑66478 (Next.js, later merged into the main CVE). The flaw allows unauthenticated remote code execution (pre‑auth RCE) on servers using React Server Components and frameworks like…

Coupang Data Breach

Date of Incident: June 24, 2025

Overview: The Coupang Data Breach, reported on December 1, 2025, impacting the retail sector, involved the customer database being accessed without authorization on June 24, 2025. Abnormal activity was detected on November 14, 2025, with breaches potentially dating back to June 2025. Coupang announced the breach and provided details…

Weekly Report: New Hacking Techniques and Critical CVEs 22 Oct – 28 Oct, 2025

This week saw high-impact technical threats: WSUS servers actively exploited, LockBit ransomware’s upgraded return, dozens of new zero-days unveiled at Pwn2Own Ireland, advanced social engineering campaigns (ClickFix), and major underground coordination—each demanding proactive CISO action.

New Hacking Techniques

ClickFix Fullscreen Update Scam (Oct 27)

Attackers deploy a convincing…

Weekly Report: New Hacking Techniques and Critical CVEs 7 Oct – 13 Oct 2025

The week of October 7-13, 2025, witnessed an unprecedented escalation in cybersecurity threats, marked by the active exploitation of critical zero-day vulnerabilities and sophisticated ransomware campaigns targeting enterprise infrastructure. Seven major incidents dominated the threat landscape, with particular focus on Oracle E-Business Suite and Redis vulnerabilities being exploited by prominent threat actors including Cl0p ransomware…

Discord Zendesk Support System Data Breach

Date of Incident: September 20, 2025

Overview: In September 2025, Discord experienced a significant data breach involving their Zendesk support system, affecting 5.5 million users. Attackers exploited weaknesses in Zendesk’s access controls, leading to the theft of 1.6 terabytes of data. This included sensitive information such as government IDs, partial payment information, emails, and phone…